# **SoC Security:** Making a Case for Automation

**Beau Bakken** 

www.caspiatechnologies.com



## **SoC Security**









### Solutions



# **Protecting Hardware IPs**





## **Insecure Design / Manufacturing Flow**



#### **Insider IP Theft**

What: Insiders get easy access to the IP

Where: Design flow

#### Overproduction

What: More chips are produced than agreed upon

Where: Fabrication facilities

#### Leaked Design File

What: Design ends up in hands of an unauthorized entity

Where: Rogue employee, outside hacker, compromised software, foundry

#### Reverse Engineering

What: Chip is reverse engineered and the design IP is extracted

Where: Customer



## **IPPx: Structural and Functional Locking**





### **IPPx: Test Access Control**



- Scan locking obfuscates the input/output values shifted through the DFT (scan) chain
- Only authorized users know the key needed to undo the transformation and recover the true values

| Content                | Unlocked Design | Locked Design | Note                                           |
|------------------------|-----------------|---------------|------------------------------------------------|
| Pattern shifted in     | 1001            | 1001          | Transformation only authorized users will know |
| Values delivered to IP | 1001            | 1100          |                                                |
| Values from IP         | 0101            | 0001          |                                                |
| Pattern shifted out    | 0101            | 0110          |                                                |
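The table above shows the effect of scan locking for one pattern. The following behavioral model is an added example (not Caspia's IPPx implementation) that reproduces the same four rows for an arbitrary key and pattern. It assumes a 4-bit scan chain, a toy combinational block standing in for the protected IP, and a lock consisting of a key-selected bit permutation followed by a key-derived XOR mask, applied once between scan-in and the IP and again between the IP and scan-out. The 8-bit "key schedule" (low nibble = mask, high nibble = permutation index) and the key value 0xA7 are hypothetical.

```python
"""Toy model of scan locking: a keyed transformation sits between the scan
chain and the IP, so raw scan-in/scan-out values are meaningless without
the key. Added example; not Caspia's IPPx code."""
import itertools

WIDTH = 4
PERMS = list(itertools.permutations(range(WIDTH)))   # 24 possible bit orders


def toy_ip(bits):
    """Stand-in for the protected IP: each output bit XORs two neighbours."""
    return [bits[i] ^ bits[(i + 1) % WIDTH] for i in range(WIDTH)]


def derive_lock(key):
    """Hypothetical key schedule: low nibble -> XOR mask, high nibble -> permutation."""
    mask = [(key >> i) & 1 for i in range(WIDTH)]
    perm = PERMS[(key >> WIDTH) % len(PERMS)]
    return perm, mask


def lock(bits, perm, mask):
    """The transformation inserted in the scan path (same on both sides)."""
    return [bits[perm[i]] ^ mask[i] for i in range(WIDTH)]


def unlock(bits, perm, mask):
    """Inverse of lock(); only a key holder can compute it."""
    out = [0] * WIDTH
    for i in range(WIDTH):
        out[perm[i]] = bits[i] ^ mask[i]
    return out


def silicon_scan_cycle(shift_in, key):
    """What the locked chip does for one scan load / capture / unload."""
    perm, mask = derive_lock(key)
    delivered = lock(shift_in, perm, mask)   # values the IP really sees
    from_ip = toy_ip(delivered)              # values the IP really produces
    shift_out = lock(from_ip, perm, mask)    # what appears at scan-out
    return {"shifted_in": shift_in, "delivered": delivered,
            "from_ip": from_ip, "shifted_out": shift_out}


def authorized_test(stimulus, key):
    """Key holder: pre-image the stimulus, post-image the response."""
    perm, mask = derive_lock(key)
    row = silicon_scan_cycle(unlock(stimulus, perm, mask), key)
    return unlock(row["shifted_out"], perm, mask)   # equals toy_ip(stimulus)


def unauthorized_test(stimulus, key):
    """No key: raw stimulus goes in, raw scan-out is all the attacker gets."""
    return silicon_scan_cycle(stimulus, key)["shifted_out"]


def bits(s):
    return [int(c) for c in s]


def fmt(b):
    return "".join(map(str, b))


if __name__ == "__main__":
    KEY = 0xA7   # hypothetical key; on silicon this would be a fused secret
    for name, value in silicon_scan_cycle(bits("1001"), KEY).items():
        print(f"{name:>11}: {fmt(value)}")
    print("authorized  :", fmt(authorized_test(bits("1001"), KEY)))
    print("expected    :", fmt(toy_ip(bits("1001"))))
    print("unauthorized:", fmt(unauthorized_test(bits("1001"), KEY)))
```

An authorized tester recovers the IP's true response for every stimulus; a tester without the key sees a response that is both permuted and masked and cannot tell a failing pattern from a passing one.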



### **IPPx: Watermarking**



**Definition:** Altering a piece of data to embed identifying information

Goal: Provide proof of ownership

- Uniquely identify IP cores to deter IP piracy
- Trace pirated IPs back to their source

#### **Principles:**

- Not easily perceivable
- Hard to remove by adversary
- Easy to identify for the author
- Challenge-Response function is secret
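The principles above can be exercised on a toy design. The following is an added example, not Caspia's IPPx watermarking scheme. It assumes an 8-bit-in/8-bit-out combinational IP whose specification leaves inputs 0xC0..0xFF as don't-cares, and embeds the watermark there: a few secret challenge inputs (derived from an HMAC key held by the author) are made to return a keyed response, while every specified input behaves exactly as before. The owner key, the affine "spec function" and the challenge derivation are all constructed for illustration.

```python
"""Toy challenge-response watermark embedded in a design's don't-care space.
Added example; not Caspia's IPPx code."""
import hashlib
import hmac

OWNER_KEY = b"constructed-owner-secret"   # hypothetical secret kept by the IP author
DONT_CARE_MASK = 0xC0                     # inputs with both top bits set are unspecified


def spec_function(x):
    """The IP's documented behaviour on valid inputs (toy affine map mod 256)."""
    return (x * 37 + 11) & 0xFF


def response(key, challenge):
    """Secret challenge-response function: 8-bit truncation of HMAC-SHA256."""
    return hmac.new(key, bytes([challenge]), hashlib.sha256).digest()[0]


def challenges(key, count=4):
    """Derive `count` distinct challenge inputs inside the don't-care space."""
    out, counter = [], 0
    while len(out) < count:
        tag = hmac.new(key, b"chal" + bytes([counter]), hashlib.sha256).digest()[0]
        c = DONT_CARE_MASK | (tag & 0x3F)
        if c not in out:
            out.append(c)
        counter += 1
    return out


def build_watermarked_ip(key):
    """Synthesize the IP with keyed responses at the secret challenge inputs."""
    table = {c: response(key, c) for c in challenges(key)}

    def ip(x):
        if (x & DONT_CARE_MASK) == DONT_CARE_MASK:
            return table.get(x, 0)      # other don't-cares take a benign default
        return spec_function(x)
    return ip


def build_clean_ip():
    """Same IP without a watermark: all don't-cares resolve to 0."""
    def ip(x):
        if (x & DONT_CARE_MASK) == DONT_CARE_MASK:
            return 0
        return spec_function(x)
    return ip


def verify_ownership(ip, key):
    """Author's check: every secret challenge must return the keyed response."""
    cs = challenges(key)
    return all(ip(c) == response(key, c) for c in cs)


def functionally_equivalent(ip_a, ip_b):
    """'Not easily perceivable': identical on every specified input."""
    return all(ip_a(x) == ip_b(x) for x in range(256)
               if (x & DONT_CARE_MASK) != DONT_CARE_MASK)


if __name__ == "__main__":
    wm, clean = build_watermarked_ip(OWNER_KEY), build_clean_ip()
    print("challenges:", [hex(c) for c in challenges(OWNER_KEY)])
    print("owner verifies watermarked IP:", verify_ownership(wm, OWNER_KEY))
    print("owner verifies clean IP      :", verify_ownership(clean, OWNER_KEY))
    print("other party with own key     :", verify_ownership(wm, b"someone-else"))
    print("spec behaviour unchanged     :", functionally_equivalent(wm, clean))
```

The secret here is the HMAC key, so only the author can compute both which inputs to query and what they should return. Note the caveat this toy makes visible: because the mark lives only in don't-care outputs, a re-synthesis that re-optimizes those don't-cares would erase it; schemes intended to be "hard to remove" spread the mark across structures the adversary cannot cheaply re-derive.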



# **Protecting Assets**





### **Security Assets**

#### Asset: A resource of value worth protecting from an adversary

#### **Security Assets in SoCs:**

- On-device keys (developer/OEM)
- Device configuration
- Manufacturer firmware
- Application software
- On-device sensitive data
- Communication credentials
- Random numbers and entropy
- E-fuses
- PUFs, and more...



Source: Intel

# Caspia Technologies

#### **Protect Assets: Strong Algorithms, Weak Implementation**

#### Strong Algorithm & Architecture

#### Weak Implementation & Execution



### Algorithms, architectures, and policies can be undermined by design methods that do not account for security!



## **The Rise of Fault Injection**

- Chip.Fail: Glitching the Silicon of the Connected World
- Bypassing Secure Boot Using Fault Injection
- MINimum Failure: Stealing Bitcoins with Electromagnetic Fault Injection
- NVIDIA Confirms Voltage Glitch Attack Vulnerability on Tesla Autopilot
- CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management









## **Fault Injection Techniques**




## **Existing Countermeasures**



- Example: sensors
- Disadvantages:
  - Large overhead impact
  - Not localized to a specific security feature



#### **Error Detection**

- Example: hardware or time redundancy
- Disadvantages:
  - Large overhead (area/time)
  - Not localized to a specific security feature





## **AFIX: Protect Security Properties**




**Security Properties:** Behaviors that must be implemented to maintain security of the design

- Example SP: the done signal must not be raised early during AES encryption
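The example security property above, and the contrast with the redundancy-based countermeasures listed under Existing Countermeasures, can be made concrete with a cycle-level model. This is an added example, not Caspia's AFIX: a toy 10-round bijection stands in for AES, a glitch is modelled as forcing the controller's `done` flag high in a chosen cycle, "time redundancy" runs the whole core twice and compares, and the property monitor is a comparator on just the done/round-counter pair. Key, plaintext and the glitch cycle are constructed values.

```python
"""Premature-done fault on a toy round-based cipher core, with two detectors:
global time redundancy versus a localized security-property monitor.
Added example; not Caspia's AFIX code."""
ROUNDS = 10


def toy_round(state, rk):
    """Stand-in for one AES round on a 32-bit state (not AES, just a bijection)."""
    state ^= rk
    return ((state << 7) | (state >> 25)) & 0xFFFFFFFF


def round_keys(key):
    return [(key * (i + 1) + 0x9E3779B9) & 0xFFFFFFFF for i in range(ROUNDS)]


class CipherCore:
    """One round per clock; the controller raises `done` when its round
    counter reaches ROUNDS. `glitch_cycle` models a fault that forces
    `done` high in that cycle regardless of the counter."""

    def __init__(self, key, glitch_cycle=None):
        self.rks = round_keys(key)
        self.glitch_cycle = glitch_cycle

    def run(self, plaintext):
        state, rnd, done, cycle = plaintext & 0xFFFFFFFF, 0, 0, 0
        while not done:
            state = toy_round(state, self.rks[rnd])
            rnd += 1
            done = 1 if rnd == ROUNDS else 0
            if cycle == self.glitch_cycle:
                done = 1                      # injected fault: premature done
            cycle += 1
        return {"ct": state, "rounds": rnd, "done": done, "cycles": cycle}


def unprotected(key, pt, glitch_cycle=None):
    """Output register is released as soon as `done` is seen: a glitch
    hands the attacker a ciphertext after only a few rounds."""
    r = CipherCore(key, glitch_cycle).run(pt)
    return {"ct": r["ct"], "rounds": r["rounds"], "alarm": False, "cycles": r["cycles"]}


def time_redundant(key, pt, glitch_cycle=None):
    """Existing countermeasure: run twice and compare all duplicated state.
    The fault is transient, so only the first pass is hit. Costs a full
    second pass, and a mismatch says nothing about which property failed."""
    a = CipherCore(key, glitch_cycle).run(pt)
    b = CipherCore(key).run(pt)
    alarm = (a["ct"], a["rounds"]) != (b["ct"], b["rounds"])
    return {"ct": None if alarm else a["ct"], "rounds": a["rounds"],
            "alarm": alarm, "cycles": a["cycles"] + b["cycles"]}


def property_checked(key, pt, glitch_cycle=None):
    """Property-monitor style: logic on exactly the signals the property
    names ("done implies round counter == ROUNDS"). No second pass; the
    only extra hardware is one comparator and an output gate."""
    r = CipherCore(key, glitch_cycle).run(pt)
    violated = bool(r["done"]) and r["rounds"] != ROUNDS
    return {"ct": None if violated else r["ct"], "rounds": r["rounds"],
            "alarm": violated, "cycles": r["cycles"]}


if __name__ == "__main__":
    KEY, PT = 0x12345678, 0xDEADBEEF      # constructed values
    for name, fn in [("unprotected", unprotected),
                     ("time redundant", time_redundant),
                     ("property check", property_checked)]:
        print(f"{name:>15}: {fn(KEY, PT, glitch_cycle=2)}")
```

With the glitch at cycle 2 the unprotected core releases a 3-round "ciphertext"; both detectors raise an alarm, but redundancy pays for a second full pass while the property monitor adds nothing to the cycle count and points directly at the violated property.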







#### Side-channel analysis is a *powerful attack*




### **SCMx: Power Side-Channel Assessment**

- Early design-stage assessment (RTL) allows the greatest flexibility for protection
  - Need for metrics to drive design enhancements
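One widely used metric of the kind the slide calls for is the fixed-vs-random Welch t-test (TVLA), which flags first-order leakage when |t| exceeds 4.5. The following is an added example, not Caspia's SCMx: it models a 4-bit S-box register (the PRESENT S-box as a stand-in) at a level a designer could evaluate from RTL, takes the power trace to be the Hamming weight of the register contents plus Gaussian noise, and compares the metric for the plain register against a design enhancement that holds a Boolean-masked share pair (v ^ m, m) instead of v. Key, fixed plaintext, noise level and seed are constructed.

```python
"""Fixed-vs-random t-test on simulated register leakage, before and after
masking. Added example; not Caspia's SCMx code."""
import random
import statistics

# PRESENT S-box, used only as a small stand-in for a real cipher's S-box
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
KEY = 0x5            # constructed secret nibble
FIXED_PT = 0xF       # chosen so SBOX[FIXED_PT ^ KEY] = 0xF (Hamming weight 4)
NOISE_SIGMA = 1.0    # constructed measurement noise
THRESHOLD = 4.5      # conventional TVLA pass/fail bound on |t|


def hw(x):
    return bin(x).count("1")


def leak_unmasked(pt, rng):
    """Register holds the S-box output directly: leakage follows the secret."""
    v = SBOX[pt ^ KEY]
    return hw(v) + rng.gauss(0, NOISE_SIGMA)


def leak_masked(pt, rng):
    """Enhanced design: register pair holds (v ^ m, m) for a fresh random m.
    Sum of the two Hamming weights has the same mean for every v."""
    v = SBOX[pt ^ KEY]
    m = rng.randrange(16)
    return hw(v ^ m) + hw(m) + rng.gauss(0, NOISE_SIGMA)


def welch_t(a, b):
    """Welch's t-statistic for two samples of possibly unequal variance."""
    ma, mb = statistics.mean(a), statistics.mean(b)
    va, vb = statistics.variance(a), statistics.variance(b)
    return (ma - mb) / ((va / len(a) + vb / len(b)) ** 0.5)


def tvla(leak_fn, n=2000, seed=1):
    """Fixed-vs-random test: n traces with a fixed input vs n with random inputs."""
    rng = random.Random(seed)
    fixed = [leak_fn(FIXED_PT, rng) for _ in range(n)]
    rand = [leak_fn(rng.randrange(16), rng) for _ in range(n)]
    return welch_t(fixed, rand)


def leaks(leak_fn, **kw):
    """Metric decision a design flow could act on: True means 'fix this'."""
    return abs(tvla(leak_fn, **kw)) > THRESHOLD


if __name__ == "__main__":
    for name, fn in [("unmasked", leak_unmasked), ("masked", leak_masked)]:
        t = tvla(fn)
        print(f"{name:>8}: t = {t:7.2f}  leaks = {abs(t) > THRESHOLD}")
```

For the unmasked register the fixed set leaks a constant Hamming weight of 4 while the random set averages 2, so |t| is in the tens; for the masked pair both sets have mean 4 and |t| stays inside the noise. The same number, computed on RTL simulation traces instead of this synthetic model, is what lets a designer decide whether an enhancement is needed and whether it worked.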



# **Protecting Lifecycle**



### **Device-to-System**



# Quantifiable Assurance





# **Metrics throughout SDL**






# Recommendation



### Recommendation

- Comprehensive hardware vulnerability database
- Designed-in security standards
  - Metrics, standards
- Design with the life cycle in mind
  - Device  $\rightarrow$  Systems
  - Traceability & provenance
- <u>Hardware upgrade</u> path  $\rightarrow$  response to zero-days
- <u>Automation</u>
  - Reduce complexity & cost







# Caspia is hiring!

careers@caspiatechnologies.com





www.linkedin.com/company/caspia-technologies

